Given Rapid7’s unique visibility into the credentials that attackers are choosing, we can measure a variety of statistics of interest to security practitioners and data scientists. For security practitioners, we report on the frequency and source of opportunistic attacks; the top attempted usernames, passwords, and username:password combinations; and the overlap between these chosen credentials and published password dumps collected from breach data.
Download and read the full report to learn about:
This report is written not only for security practitioners and those interested in keeping their organizations secure, but also to help educate legislators and policymakers on current issues with the laws that affect active credential scanning for research purposes.
This paper is the product of nearly a year’s worth of opportunistic credential scanning data collected from Heisenberg, Rapid7’s public-facing network of low-interaction honeypots. Instead of focusing on the passwords that end users typically pick, this data shows what opportunistic scanners are using to test—and likely compromise—Internet-connected point of sale (POS) systems, kiosks, and scamware-compromised desktop PCs that expose the Remote Desktop Protocol (RDP) service for remote management.